1. Technical Field
The disclosure relates, generally, to networks, and more particularly, to the monitoring and blocking of certain network traffic.
2. Description of Related Art
Firewalls and various other hardware and/or software components are used in networks to monitor and selectively block network traffic for various reasons, such as preventing unauthorized access to different networked hardware and/or software components. Conventional firewalls typically make access-control determinations based on characteristics of the network connections that traverse them. For example, conventional firewalls might block accesses originating from, passing through, and/or directed to specific combinations of Internet-Protocol (IP) addresses and ports. Other conventional firewalls control access based on a particular data protocol (i.e., information-encoding standard) being used. For example, a firewall might be configured to recognize the difference between the HTTP and SMTP protocols and block the former but not the latter. Alternatively, such firewalls might recognize that a specific access is directed toward a particular web application, such as a public instant-messaging system, and block access on that basis.
Thus, conventional access control schemes focus on controlling access by inspecting the characteristics of the person or computer accessing the information system and of the communications channels through which those accesses are made. This approach can ultimately be unsatisfactory, because a determined and clever attacker has multiple pathways for stealing access credentials and impersonating authorized users.
More specifically, many information systems employing conventional firewalls are still at risk of attacks mediated through the actual data and operational commands supported by those information systems, because conventional firewalls are unable to protect against such vulnerabilities. For example, unauthorized use or attempted unauthorized use of an industrial robot is not likely to be detected by a conventional firewall, so long as the unauthorized user accesses the robot via an IP address, a port, and a data protocol that are all valid. With a stolen or “hacked” valid password in hand, the unauthorized user can take advantage of such easy access to log in and use the robot. Even without having the password in hand, the unauthorized user might take advantage of such easy access to execute an automated software program for hacking into the system to obtain a valid password and then log in to use the robot using that password. Either way, using a conventional firewall renders the industrial robot defenseless against such vulnerabilities.
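To make the gap concrete, the following is an added illustration (not part of the disclosure) contrasting a connection-level filter of the kind described above, which decides on IP address, port and protocol alone, with a monitor that additionally checks each operational command against the logged-in role's allowlist. The "RCP" protocol, port 5020, the addresses and the robot command names are all constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical robot-control protocol "RCP" on port 5020; the command names
# and addresses below are constructed for illustration only.
ROBOT = "10.0.9.100"

def session(role, *commands, src="10.0.5.23"):
    """Build a constructed session: one LOGIN followed by robot commands."""
    return [(src, ROBOT, 5020, "RCP", c) for c in (f"LOGIN {role}", *commands)]

@dataclass
class ConnectionRule:
    src: str        # CIDR of permitted clients
    dst: str        # CIDR of the protected host
    port: int
    protocol: str

    def matches(self, src_ip, dst_ip, port, protocol):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and port == self.port and protocol == self.protocol)

ALLOW_RULES = [ConnectionRule("10.0.5.0/24", ROBOT + "/32", 5020, "RCP")]

def connection_allowed(src, dst, port, proto):
    return any(r.matches(src, dst, port, proto) for r in ALLOW_RULES)

def conventional_firewall(session):
    """Decide on IP, port and protocol only; the command text is never read."""
    return ["ALLOW" if connection_allowed(*m[:4]) else "DROP" for m in session]

# Command-level policy: the operations each role may issue to the robot.
COMMAND_POLICY = {"operator": {"LOGIN", "MOVE_TO", "STOP"},
                  "maintenance": {"LOGIN", "MOVE_TO", "STOP", "UPLOAD_PROGRAM"}}

def command_aware_monitor(session):
    """Same connection check, plus each operational command is checked
    against the allowlist of the role that logged in."""
    role, verdicts = None, []
    for src, dst, port, proto, command in session:
        conn_ok = connection_allowed(src, dst, port, proto)
        verb, *args = command.split()
        if conn_ok and verb == "LOGIN":
            role = args[0]   # the session's claimed role, for illustration
        allowed = COMMAND_POLICY.get(role, {"LOGIN"})
        verdicts.append("ALLOW" if conn_ok and verb in allowed else "BLOCK")
    return verdicts
```

A session that logs in with a valid operator credential from a permitted address passes the connection-level filter on every message, whereas the command-aware monitor still blocks the one operation that role is not permitted to issue.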